As a visitor to SF I'm having a hard time trying to understand why there is so much anger directed towards 'techies' and not towards the city/mayor. Isn't it the mayor's responsibility to ensure that housing supply can meet demand and low income earners are not pushed out of the city entirely?
I think it's fair to say the majority of SF residents strongly oppose increases to housing density through rebuilding, so the mayor and the supervisors should not be defying them. If SF residents also don't like the resulting market prices and gentrification, they need to change their minds about which is worse. I think what they really want is to be a city-state that can stop the farang/Ausländers from deciding to relocate there, but in the US they can't have that.
No, that is not the mayor's job at all. Well it shouldn't be. If a mayor tries to make it his job, he'll fail because things like "housing supply" cannot be managed by government.
Governments set rules which directly affect markets - housing in particular is subject to tons of planning and manipulation by government. They absolutely can change supply.
Want to bring on more high-density housing? Change zoning rules so it is easier to get permits.
Housing regulations tend to be extremely local and I'm not a SF resident, but it is stunningly naive to claim that "housing supply" cannot be influenced by government. I realize Americans love to hate them, but city planning is one thing that governments are actually really helpful to have manage.
Doesn't the city effectively control housing supply by issuing permits for new buildings and controlling zoning boundaries? I can see how the city cannot produce new housing but it seems they can definitely restrict housing supply.
If anyone thinks weev deserves any sympathy, you don't know the full story. weev had malicious intent and wanted to harm AT&T by exposing users data. Instead of doing anything remotely rational he took all the data and wanted to sell it.
Laws take into account indent (mens rea) and there is a lot of evidence in his indictment that he wanted to profit off this act. He shouldn't be compared to Aaron Swartz
I know weev personally. He's "an unsympathetic defendant", and probably the 9th level Internet Troll, but his goal was fundamentally speech -- he wanted to draw a lot of attention to the issue, and embarrass ATT (hopefully enough that they'd stop being such fuckups about security), etc.
He wasn't trying to profit from this. If that had been his goal, he would have been a lot more stealthy.
It's arguable that he had "cleaner" motives in his act than aaronsw -- some people say aaronsw wanted to release all the files he recovered to the Internet (although there's no proof of that); weev just wanted ATT to suck less.
weev has said things far worse than what's alleged in this case (that they wanted to compile a list and direct market the users); yet, if you judge him by what he's actually done, he's just an asshole at times, but basically reasonable. Fortunately just being an ass isn't a federal crime (although I guess conspiracy to be an ass is).
Being an "an unsympathetic defendant" frankly makes it even more important to support him. One of the worst things with these out of proportion indictments/sentences is that they leave too much room for other factors, which can turn into things like political repression.
So he committed a crime and wrote words that characterize the intent behind crime in such a way as to increase prosecutorial interest and sentencing. Now you are saying he was just joking around when he said those things?
Perhaps it's true, but it's stupid and it's hard for me imagine anyone taking that explanation seriously, certainly prosecutors and judges.
If you walk into a bank with a gun and ask the teller for money, then say "just kidding", .... Good luck.
Yes, weev is an idiot. Yes, weev is abrasive. Fortunately neither of those are themselves crimes.
Weev has always taken anything and turned it into drama. That's the whole Internet Troll thing. A normal defendant wouldn't, when faced with a chance to reduce his sentence by 1-3 years by "accepting responsibility", post something like this to the press. It basically screams "upward departure" to a judge, while at the same time rallying people on the Internet, which doesn't really mean so much inside a federal ass-rape prison.
There is a difference between being abrasive and openly declaring unlawful intent. While the latter is not (always) illegal, it is a legitimate factor for prosecutorial discretion and sentencing.
Yeah but prison time, followed by secret service, not allowed to use computers, not allowed to take jobs... for what, compiling a list of email addresses that an public API was happily returning to him? Despite his questionable handling of the situation, I don't support that kind of draconian punishment.
Agreed - I can despise his behavior, and how he handled this situation, but at the same time say what he did should not be considered a felony, and, based on what I read on the ArsTechnica article, it's not even clear if I feel like it's criminal.
I think it should be illegal to commercially exploit personally identifying information if it is obviously not published intentionally or with permission. If my personal details were accidentally leaked, I'd prefer every law abiding company didn't suddenly use this information to focus me in their spam cannon sights.
Whether this should be a felony should relate to how conspiratorial the intent and whether there's a reasonable expectation that the persons whose information is involved will be affected. It does sound like weev was doing something that would screw the AT&T customers involved -- a pretty nasty move.
If this were the case there would be a large number of corporate executives behind bars tonight. The biggest problem as I see it is that there is one rule for well heeled, connected, corporate types and another for poor, zany, out there types. What happened to all created equal and justice for all?
"That guy got life in prison all for moving a knife about two feet in a certain direction! The system is corrupt!"
I wish people could be a little more honest in the way they describe computer crimes. He knew or should have known that that api was not meant for public use. He is being punished for using it despite this knowledge.
So even though he didn't do anything illegal with the data, you think it is criminal that he didn't obey some unwritten rule about using an API in that way? If I wrote a script to scrape 10 million e-mail addresses from usenet, am I a felon because usenet isn't supposed to be used that way? What if I just want to analyze the patterns or show the world how easy it is to scrape?
Seems to be a little more of a gray area, considering using is a service that IS publicly available and labelled as such. I don't find the two to be analogous, if that is what you are asking.
Why do you even ask that. Isn't it obvious from my post that I'm pointing out that overly charitable wordings are misleading? Do you honestly believe that someone could have the mental capacity to enter words into this site and be unable to perceive the distinction between these two crimes? Or were you just trying to score a cheap rhetorical point by intentionally misreading me?
And again, of wasn't just wrapping curl in a for loop. It was doing that with the knowledge that the target was not meant to be public, storing that information, and sharing it with the media.
Also, it wasn't murder, it was assault with a deadly weapon. The victim went on to make a full recovery but it was the defendant's third strike.
>It was doing that with the knowledge that the target was not meant to be public
AT&T's intent isn't really relevant. The fact is, they published all of those emails publicly. They certainly didn't mean to, but I fail to see how accessing public websites can be considered a crime, even if you access lots of them when the company doesn't want you to. If I forget to close my blinds before having sex, that doesn't make anyone who walks by on the street and sees me a criminal. Nor are they criminals if they take a picture and post it on reddit. It's your job not to expose that material publicly if you want it to be private.
>storing that information, and sharing it with the media.
Neither of these are acts that should be considered criminal, just as the storing and uploading to reddit of an embarrassing photo is not criminal. Would it still have been criminal if he had passed the bash one-liner to the media, instead? What's the difference? The responsibility for the leak still resides with AT&T, and them alone.
Now, none of this is to say that I condone of weev's actions. I certainly would have handled the situation differently. But being rude and being a criminal are not synonymous.
> AT&T's intent isn't really relevant. The fact is, they published all of those emails publicly. They certainly didn't mean to, but I fail to see how accessing public websites can be considered a crime, even if you access lots of them when the company doesn't want you to.
In the meatspace it happens all the time that you can get in trouble for being somewhere you're not supposed to even if they forgot to hit the locks on the way out.
Or for a possibly more relevant example, what happens in real life if you find an ATM that has an error such that it gives you twice as much cash as you asked for? Is it still theft if you take it? (Hint: Yes)
Should that equate to a felony here, where no authentication shenanigans were employed? I don't think so, but I wish we'd quit with the victim blaming here on HN.
I also wish we'd separate the enforcability of something from its morality or legality. There's many, many minor things wrong that people can do that even the current state can't hope to fully enforce, but that doesn't make it right, it makes it a fact of life. But if you do somehow get caught doing something that 99% of the rest manage to get away with, shame on you.
By the way, that ATM example wasn't made up: http://investorplace.com/2012/11/faulty-atm-gives-out-extra-... (the Bank opted not to try to find out which customers took the money, due to the difficulty with getting accurate evidence, not because it was right to take the money)
You're absolutely right, and I'd call that a failing of the law. Just because someone intends to create a system with some degree of security does not mean people who access said unsecured system should be considered criminals.
If AT&T didn't want to publish their users' data publicly, they didn't have to. But they did. Anything done with that data after that point is 100% their fault.
Seriously? That you actually believe his punishment fits the crime is incredibly saddening. If even the top voted comment on a site that understands the issue believes the punishment is appropriate, imagine the discussion in a law firm or in parliament. Anybody in the USA touching a computer will be in trouble soon. Can't wait for the next batch of laws.
Punishing people for purposefully disclosing private information that is clearly not intended to be public is the path to "everyone touching a computer will be in trouble soon?" You act as if he was just playing around on his own computer minding his own business when the big bad government broke his door down.
Don't act so surprised and imposed upon that a culture that very much respects fences sees something wrong with intentionally poking your nose where it doesn't belong, online or offline.
Wasn't it just email addresses that he published? I'm all for protecting personal information, but I find it hard to believe it's a felony for collecting a list of email addresses.
The crime in question was accessing a computer system in an unauthorized fashion to collect e-mail addresses.
Yes, the distinction is relevant. Taking photos of my wife in public and publishing them? Creepy but not illegal. Walking through my door (locked or unlocked, it doesn't matter) to take photos of my wife in my house? You're lucky if you don't get shot.
What good reason do you have to be poking around in my /hiddenstuff directory? If I leave my car door unlocked, do you take it as an invitation to look through my CD's?
Correct analogies help. Stuff in the internet doesn't just "exist", clients receive it by asking servers. So the analogy here would be a guy coming up to your door, asking for a photo of your wife. If you then hand it to him, and continue doing so as he keeps coming back for more photos, how can you claim it was unauthorized? You made the choice, after all!
In your analogy, the only reason it's okay is the presumed consent that arises from my just handing you the pictures, and the fact that you can reasonably infer that I consent because I handed you the pictures.
You can't anthropomorphize the web server like that. You cannot say this guy reasonably inferred that AT&T intended him to have access to these e-mail addresses. It's a dumb piece of equipment--a broken door lock. An unlocked door does not mean you are invited to come in.
There is no lock, not even a broken one. There is a machine (the webserver) that is handing out private data to everyone who asks and then probably even makes a note that he did so. I'm not anthropomorphizing that part, that is how the protocol works. "GET .." ("200 OK" | "403 Forbidden")
Now the server provider is responsible for having not adequately secured the customers information, and the guy who asked for that information is responsible for what he does with that information. What I won't accept is that you criminalize the mere request for said information and the retrieval of whatever response is returned.
But, in this case - didn't he just spoof a user agent and toss fairly guessable CCID numbers?
Certainly hacking, and given that he doesn't work for, or is associated with AT&T - some type of criminal trespass - but, we're talking community service here, not a felony. Slap the hand, don't cut it off.
I would hope we can all agree that there is a pretty big difference between a pervasive attack where someone spear-phishes a user inside a company, plants a trojan, and uses that to acquire sensitive intellectual property for financial gain, and/or do damage - versus what weev did - trying some pretty obvious numbers on the public website with an iPad user agent.
> Certainly hacking, and given that he doesn't work for, or is associated with AT&T - some type of criminal trespass - but, we're talking community service here, not a felony. Slap the hand, don't cut it off.
I agree, but he's not being charged with felonies for simply poking around. He's being charged with felonies for what he claims he was going to do with the information.
The defense seems to be that he wasn't actually going to do that, but it's the domain of the jury to decide his intentions based on his actions.
When you send packets to an internet-connected device, and that device sends some packets back to you, that is not "trespass". You haven't "gone" anywhere, and you certainly didn't cross any "property lines". Much in the way that the copyright mafia wants to redefine "piracy" from "murder and plunder on the high seas" to "listening to a friend's MP3", numerous other bad people will be thrilled when the public accepts "SYN,SYN-ACK,ACK" as a new meaning of "trespass".
In Texas, they don't convict homeowners who shoot trick or treaters trespassing on private property
Please clarify. Are you trying to say that there exists any justification for this idiotic Texanity? Because there isn't, and therefore you can't logically use it to justify this other unjustifiable thing.
Also, sending packets to an internet-connected device, and then reading the packets it sends back to you, is in no sense "trespassing". Trespass is being physically present in a physical location in which you aren't welcome. You can't trespass while you're physically in your mother's basement. Please don't mangle the English language.
I don't approve of his motives or actions either, but still, it seems that spending years in jail is a disproportionate punishment for the amount of harm he may have caused AT&T or its customers. This article says that they had second thoughts about how smart their plans actually were and ended up deleting the data rather than selling it to anybody. And it's doubtful that their actions had any lasting effect on the stock price of AT&T - data leaks are a fairly frequent occurrence among large corporations.
The intent is immaterial if the actions are not against the law.
If accessing published information (and incrementing a number in an url cannot be considered breaking in ...) is against the law, there is something terribly wrong with the law.
That said if he tried to use the data to extort money from AT&T that would of course be a criminal offense (even if the "intent" was robinhoodian).
To illustrate with an analogy:
If someone takes a picture of a hapless drunk girl dancing topless in a bar (AT&T), that is not criminal.
If this person approaches the girl and asks for money to delete the incriminating pictures, that is extortion.
If the person sells the picture to an interested third party, this might constitute the case for a civil lawsuit (see the texxxan case...)
In any case no special laws are needed for judging behaviour in the virtual world.
There is no indication he wanted to sell it. He wanted to embarrass AT&T, and that isn't a crime. Changing the number in a URL is not identity fraud.
This is exactly the same thing that was thrown at Aaron, even if you don't find the target as sympathetic.
"He that would make his own liberty secure, must guard even his enemy from oppression; for if he violates this duty, he establishes a precedent that will reach to himself." -Thomas Paine
That does not appear to be true. From the Ars Technica article on the case:
"Auernheimer then helped Spitler refine his script to harvest a large number of valid e-mail addresses of iPad 3G users, suggesting that a huge data set would be needed to "direct market iPad accessories" or start a "future massive phishing operation," noting that the data breach would be "huge media news."
That is a joke. He is a troll. He makes satire videos and makes statements like that left and right. His security company was called "goatse security" and it was an ASCII picture of an anus.
This might be offensive, juvenile, or unfunny, but it's nothing remotely close to criminal. The feds took a private IRC log out of context and pasted it into the indictment.
This is not what the prison system exists for, and we are all worse off for using it this way.
If what he says is a joke, and he's a troll, then he's also an unreliable witness. Hence why a trial is unnecessary to find out the truth? Because how can one know that he's telling he real story now?
Really, if you confess to a crime, and then turn around and say "ha ha, only kidding!" don't be surprised if people find it hard to trust anything you say.
Note: I'm taking what you've said here at face value and otherwise know very little about this case.
Yeah yeah. He should "man up" or something like that. Those bastard hackers, self declared trolls, activists and stuff...
Do you guys always know the full story behind the news and comment accordingly? If you do based on the articles you read around, I want to remind you that in Aaron's case what you could read about the case was less than half the truth and there are still things we're not sure.
Unless you know something everyone else doesn't then what is published about the Schwarz case is on the record and in the books. So you're saying that the prosecutors were correct in the charges they brought?
Absolutely not, he should have checked with a lawyer first about how to accomplish his objectives within the framework of the law. Then he would not be in jail but instead making lots of money.
It's really not that hard to compile a list of email addresses from a public API in a way that doesn't violate the law.
People that describe themselves as trolls are generally bigoted idiots and I feel no sympathy. I'm sorry if that's a stereotype but I can't help myself, the internet hasn't been nice to me.
Whether they're bigoted or idiotic shouldn't affect how the law affects them, though. If the person committing this crime was a nice, inoffensive guy, would the law remain justified?
May we see some proof of the full story. There's nothing to that effect in the IRC logs other than some jokes about how the data is valuable and how they could sell iPad accessories. As if. What did he do? Wrote a bunch of journalists to get press and then deleted the data.
How does one implement message passing without atomic instructions and/or locks? Without some sort of lock I fail to see how one can have mutual exclusion on a message queue.
EDIT: I also fail to see how this is academic atomic instructions are needed to implement any basic concurrency construct.
A serious alternative to Jekyll is Nanoc[1]. It is absurdly easy to compile any format to another format using a simple 'Rules' file. I for example have pandoc -> HTML with custom syntax highlighting and LaTeX -> pdf on my personal website [2]. Everything is customization and configurable so you can have your own conventions for posts, etc.
I have to strongly advise against nanoc and recommend middleman[1] instead.
The problems with nanoc unfortunately only become apparent after you've invested significantly into it and your site starts to grow in complexity and/or size (file-count). I've been there and it wasn't fun at all...
The first problem is the obscure Rules DSL. It feels somewhat elegant in the beginning when you're mostly working of the canned examples. But once you divert from the beaten paths it quickly turns into a hairy mess and you find yourself with a >300 lines rules file, various workarounds tacked into the 'preprocess'-block, a conglomerate of "filters" and "helpers", and a rapidly fading memory of "How did all this fit together again?".
The second problem is performance. If your site contains auto-generated parts (e.g. API-docs) then the number of files may quickly grow into the thousands. Nanoc doesn't cope well at such sizes. In the end the compile-phase took 10 minutes(!) for my ~9k file-project on a beefy machine.
That said, nanoc is okay for smallish projects, just beware the constraints.
Middleman has been a more pleasant experience here (after the porting pains). It's a much more straightforward design. I can come back to it after a month or two and be immediately productive again. With nanoc this always involved a lot of pain re-learning the Rules-magic and interdependencies...
I haven't used nanoc much, but I will second the recommendation for middleman. My experience with middleman is that it's one of the rare things that makes simple things easy while scaling well to not-so-simple things. Creating a basic site with a few static pages that share a template is completely painless, and because it's based on Sinatra it's pretty straightforward to use things built for that or Rails when you need to do something not built into middleman.
I've experienced some quirks with nanoc as well, although my site is ultimately simple enough that I don't have to mess with Rules that much. I'd still be interested to try it out. How painful was porting nanoc to middleman?
Do you have any resources for anyone who is porting from jekyll/octopress/nanoc to middleman? Even a short post describing particular porting pains you ran into and how you mitigated them would be great.
Well, I started by first cobbling together a basic middleman "hello world" app and then fleshing it out until I met my legacy app in the middle. There wasn't much straight porting from nanoc (apart from the HTML, JS and CSS) since the ruby-logic doesn't quite translate between the two.
I'd recommend to look at the "community templates" (linked from the MM-site). The "HTML5 Boilerplate"-template had nearly everything covered that I was interested in (I only swapped out 'suzy' for 'less') and since MM is such a simple design it really only took a few hours to feel at home.
I'll second this. I switched from Jekyll to nanoc about a year and a half ago, and I'm very happy with it. I wrote a short piece about extending nanoc (to add categories) that people may find useful[1]. nanoc's own website has good introductory documentation[2], and the Github wiki also has good pages for examples[3] (sites that use nanoc) and samples4] (sites using nanoc with public source code).
Afghanistan has been a perpetual warzone for decades now and every attempt after each war to rebuild important civil instituions (courts, taxes, police) has been poorly done. In the brief period where there were institutions and stability things were better. If from the article, “During the time of the Taliban we did not have such encounters. Everyone kept to his lane.”.
I'm trying to think of what the good people of Afghanistan can do to create good regions of Afghanistan. It seems clear that good people need to band together, get some serious firepower, and create a safe haven where the One Rule (no destruction) is strictly enforced.
It's a fascinating problem because it's almost like dealing with a zombie apocalypse. Too bad that it's real.
> It seems clear that good people need to band together, get some serious firepower, and create a safe haven where the One Rule (no destruction) is strictly enforced.
This almost exactly describes what the Taliban did. Except in their moral system, the One Rule is different than in your moral system.
>This almost exactly describes what the Taliban did. Except in their moral system, the One Rule is different than in your moral system.
Read The Kite Runner for a gripping insight into what the Taliban was. There was no rule, only naked force in the name of religious fundamentalism. Enforcement was (and is) arbitrary and brutal.
The One Rule is totally, completely compatible with Islam. However, it is incompatible with any any belief, religious or otherwise that values anything above non-destruction. The big problem in the Muslim world is, in my view, that they are confused on this point. Enforcing a prohibition of the expression of blasphemy instead of enforcing a prohibition of violence and destruction is a critical mistake, and the entire nation pays the price in perpetuity.
If the universe has anything approaching a built-in moral standard, it's this, and it's implied strongly by the second law of thermodynamics. It's far easier to destroy than to create, and so any culture that doesn't give creation asymmetrical importance is going to relegate it's followers to a life of squalor and violence.
I think I get your point, but you need to re-phrase the zombie apocalypse part.
Afghanistan is a country that has been fractured by civil war or the fight against invaders for all of its living memory and is struggling to find unity.
A zombie apocalypse on the other hand is a fictional event in which a horde of brainless demons tries to kill all humans.
I'm sorry that I've offended your sensibilities, but there is a strong parallel with the chaos in Afghanistan (or Somalia for that matter) and a zombie apocalypse. Two parallels in particular stick out: there is no strong central authority, and there is the constant threat of violence. For zombies, the violence is directed toward "eating brains" or something equally ridiculous, for Afghans the violence vector is directed toward "anyone who disagrees with me or who I or my tribe doesn't like", and seems particularly informed by Islamism and hatred of the West.
Further, the problem of 'infection' is very similar. Even if you create a "safe zone" it's not necessarily safe. Consider the recent rash of killings when our Afghan "allies" have turned on US servicemen, killing them in cold blood in so-called "Green on Blue" attacks. (About 100 servicemen have been murdered in this way in the last 3 years).
This is an awesome improvement to the Makefile for bootstrap. The OP clearly sees the strengths of make and hopefully upstream will incorporate these changes.
If you can write a little C program that speaks enough of the game's wire protocol to simulate a bot, send nasty packets, and also provide a vote of confidence when other bots ask if those packets are correct--and then run 100000 of them over a few machines--then 99.999% of your clients could be "cheating" while there are still people trying to play a real game.
This can't happen because it is illegal for telecommunications providers to be foreign owned. The correct first step would be to lobby our "free market" prime minister to let the free market operate.
I work for a telco in Canada and the CRTC has just passed a ruling to allow competition into the market for the first time ever in this operating area.
I'm not 100% certain, but I think at least one of the new competitiors coming in is foreign owned. They'll be offering wireless, wireline and internet services.
(This applies as long as the total annual telecommunications revenues of the new telco represent less than 10% of total Canadian telecommunications revenues, so it basically applies to every newcomer, which is what we have in our operating area)
Yeah I'd sign this if it had even a snowballs chance in hell of making a difference. Telecom in Canada is such a racket right now I just see no real hope. My biggest hope for change right now is that Wind actually gets the government to agree to let them compete fairly.
